Kali LInux Metapackages - Kali Linux. This is a very informative post by the Kali team on all the different custom meta packages available. It provides a nice description of the differences between them all as well as the size-on-disk impact each package choice makes.

“One of our goals when developing Kali Linux was to provide multiple metapackages that would allow us to easily install subsets of tools based on their particular needs. Until recently, we only had a handful of these meta packages but we have since expanded the metapackage list to include far more options:

kali-linux

kali-linux-all

kali-linux-forensic

kali-linux-full

kali-linux-gpu

kali-linux-pwtools

kali-linux-rfid

kali-linux-sdr

kali-linux-top10

kali-linux-voip

kali-linux-web

kali-linux-wireless

“These metapackages allow for easy installation of certain tools in a specific field, or alternatively, for the installation of a full Kali suite. “

Fix problems that programs cannot be installed or uninstalled - Microsoft Support - I mentioned this tool in a previous GSD post but at the time hadn’t deployed it yet. What it does is give you the option to deploy to the system at hand to in a “portable” mode to carry with you. When you run the tool it gives you a menu from which you can select the category of issue you are running into, as well as a more detailed sub-listing of specific issues to pick from. Once selected, it will deploy the possible fix to the issue.

Sadly, it was no help to me in my repeated failures to get IE 10 or IE 11 installed on the church-house Win 7 x64 bit PC’s. It keeps failing with cryptic error messages that the required updates are not on the system, but even laboriously manually downloading and installing the documented IE 10/11 prerequisites results in the same failure.

I’ve spent a lot of time picking though the IE 10/11 update log file (IE11_main.log) generated and cross matching it with a system that has a good/successful log install report, but despite everything so far, IE 10/11 upgrades just keeps failing. I’m not alone in this issue. That will be a post for another day, though… And I haven’t done an Process Monitor trace file capture yet either…speaking of…

A few nights ago, I came home from work and Lavie was quite frustrated with her iPhone.

She had heard a local news story about how the iPhone can track the user and how to disable the feature…only she couldn’t find the news story on the station’s web-site despite their comment.

I was familiar with a number of “feature” settings that could conceivable track and “spy” on your iPhone usage habits and personal travels, but none of those seemed to satisfy Lavie’s understanding of the news story.

“On an iPhone, it’s a bit more complicated. Just go to ‘Settings’, click ‘Privacy’, then select ‘Location Services’, scroll down to ‘System Services’, that’s where you find ‘Frequent Locations’. Just turn that feature off.”

The news story wraps a lot of drama around the issue but it certainly succeeded in getting Lavie’s attention.

Now even more reports are rolling in of these types of PCI hacks. It was bad enough consumers had to be on the constant lookout for malware on their own systems that could steal their account information, then there are the ATM/skimmers we have watch out for, now, even within a merchant’s own POS systems and network these bad-boys lurk.

And even when notified by their own bank, now customers are doubly confused and hesitant if the call is legitimate or another social-engineering-hack-attack playing on the public fears and news reports.

When we got a similar call on the voice-mail last week, Lavie didn’t even bother writing down the call back number left (good girl!). Instead she pulled out our local bank branch contact information and went directly to the source. Yep it was legit -- another merchant we shopped at also got hit in a breach similar to Target’s. Yep, more card replacements on the way; again.

A few simple searches on Google will demonstrate the bank card industry has been wresting with these issues for a long time. Only previously, it seems the scale of the problem had been small enough to fly under the general public consciousness radar. With Target it was so big and touched so many that the barn doors were flung wide open and the cows were in the corn for everyone to see. Now we see shadows behind every merchant’s POS system.

The battle between the fraud perpetrators and the security pros ratchets up a few more notches. It’s the new cold-war baby…oh, wait…I hear that’s starting up again as well. I guess I need to start watching “The Americans” on FX to get prepared again.

For more reads on the topic; both breaches and proposed solutions to get the cows back in the barn…

Now I’ve been running EMET since at least back from June 2013, and have seen or heard nary a peep from it. I’m not complaining. That’s a good thing. I’m just running it with the standard default settings selected at installation.

Strangely enough, this weekend, using EMET 5.0 TP I saw my very first alert occur!

For whatever reason, when I use Internet Explorer 11 I find that this EMET 5.0 TP version is particularly active spotting and blocking potential gotcha’s.

I can’t wait to see what the final EMET 5.0 will do when it finally comes out.

OpenedFilesView - Nirsoft - I normally only mention new NirSoft tools, but this older application release is noteworthy as Nir Sofer reports he found he does have a valid digital signature he can use with it so you won’t need to run in on 64-bit systems in driver signing test mode any longer. Sweet!

Trying to find comprehensive release notes on any of the Windows Live Essential applications is a nightmare. However I did eventually track down this page which seems better than nothing: Windows Live Essentials release notes

One of the duties I have in the shop is take an image of a bootable USB master stick we get and clone that image to our team’s USB sticks for a project.

We then use that USB to image our systems.

In the past I have requested purchase of a dedicated USB duplication device such as this Aleratec 1:10 USB 3.0 Copy Cruiser Mini Duplicator. It’s a very cool tool and has some good supporting software and can handle a lot of concurrent image restorations efficiently.

That never passed though the approval process so I’ve been left with using a poor-man’s solution.

First, find a good multi-port USB hub. They are pretty inexpensive so you could get a bunch. I particularly like these as the capacity is high with 10 USB ports.

You can find some with up to 25 USB ports if you search deeply enough. What I liked about these were that the ports seem pretty widely spaced to allow for oversized USB stick cases. That isn’t always the case.

Tip: If you pick up ones with the ports too closely spaced, then you are left either not using all the ports due to clearance issues or having to pick up a bunch of 1.5ft USB 2.0 A Male to A Female Extension cables to get them all plugged in with the clearance issue worked around.

OK. Now that the hardware is set up, the imaging software.

There are a lot of free USB imaging tools out there.

For one-off imaging work I prefer to use Alex’s USB Image Tool. It can capture an image, it can restore an image, you can take a full device image or a partition image. What I really like is that it also provides additional details about the device such as the serial number and other coded information. That’s helpful if you want to log each device for tracking. However I don’t find it quite as well suited for restoring the same image to multiple sticks concurrently.

It captures a BIN file format of the entire USB device (rather than the partition).

And it can restore the image concurrently to as many USB sticks as you want with nary a fuss or hiccup.

It doesn’t give you the same amount of device details (serial numbers/etc.) that the USB Image Tool does, but that’s why having a few different tools in your toolbox is helpful.

So here’s the recipe for the poor man’s multi-USB duplicator:

Use ImageUSB to capture your USB stick to an image file.

Connect up your multi-port USB hub(s) as needed to your system.

Plug in your target USB drives to the hub ports.

Use ImageUSB to write your USB image to the USB sticks.

Done.

Important Note: The capacity of the USB sticks you are putting the image onto need either be equal to, or in excess of the capacity size of the original “master” USB stick. If not, you will either end up truncating your image and risking data loss, or (depending on the software) it won’t write the image at all.

This is important as not all USB sticks that say they have “X” capacity the same, actually have the same amount of accessible space on them. That leads us to…

Part 2 of this story.

See, the above process has been rolling on quite well for some months now.

Only we needed more USB sticks for each team-member to carry with the same image build to hike up multi-tasking efficiencies.

And the purchaser ended up selecting and buying USB sticks that were a different mode/make. Even though they both were USB 3.0 sticks, and even though they were both “64 GB” capacity sticks, when I went to put the image taken from the original stick model on the new one, the accessible capacity of the second USB stick was significantly lower enough to not allow me to safely or confidently put the image on it without risking truncating the image/data in the process.

That’s not good.

So this is what I ended up doing on my x64 bit Win 7 system…

(Method 1)

I first captured an ImageX (file-based) image of one of my larger cloned USB sticks.

Depending on your drive letterings, the command-line may vary but the basic structure is thus:

imagex /capture E: c:\temp\USB_Image.wim “USB Image base”

where “E:” is the USB drive letter and “C:” is my local system hard drive.

This captured all the files on the (larger 64 GB) USB drive into a WIM format image.

Then I removed my larger master USB stick.

I then connected the other (smaller 64 GB) USB drive to my system.

And did this from the command line window.

>DISKPART

DISKPART>LIST DISK

note: this was to confirm which disk number the USB drive was showing at…in this case the USB stick was disk 1 as my system disk was disk 0. Be sure you get this part identified correctly or bad things can happen! Your system will almost certainly vary!

DISKPART>SELECT DISK 1

DISKPART>CLEAN

DISKPART>CREATE PARTITION PRIMARY

DISKPART>ACTIVE

DISKPART>ASSIGN LETTER = E

DISKPART>EXIT

>format E: /fs:ntfs /q /y

note: at this point I have a freshly formatted (smaller) USB stick that is empty. Next I need to make it “bootable” so the USB stick will work as designed for system booting/imaging after the files are restored. I used the bootsect.exe tool to do this. You should be able to find it under the Windows ADK that you probably installed to get to this point to first have snagged imagex.

At this point I now have the original USB file sets from the larger bootable USB stick ported over to the smaller (also now bootable) USB stick.

I then used ImageUSB to capture a fresh (and smaller) device-based image file of that USB stick.

I then wrote that image to all of the smaller USB sticks.

Done and they all worked just like their bigger brothers.

Now I have two image files to use depending on the target drive’s capacity.

Had the original image been from the smaller drive then I could have put it on the larger drive with no worries or concerns as I would not have faced data truncation in that instance. If the tiny bit of capacity difference mattered, I could have used something like gparted to then expand the partition to take in the remaining unused capacity.

But if you don’t want to do all this stuff, there was another path I could have taken (I’m not sure it was any less work though).

This doesn’t get me any of the magic code that makes the device bootable, just captures all the partition files instead of using ImageX.

Then I would have removed the master stick, placed in the smaller target stick, still done the whole DISKPART & format & bootsect steps in method 1.

Then I would have used the USB Image Tool to put the volume image back on the USB stick.

Then I would have captured the device image using the ImageUSB utility, and used it to put that image on the remaining (smaller) USB sticks I needed to clone.

Lesson to be learned?

Well, not all 64 GB USB sticks are the same. And if you have a big project that requires cloning a lot of USB drives, it might be wise to stick with the same exact USB make/model/capacity for the project to avoid having to create multiple images to handle the different stick capacities.

Bonus Tip:

Once you have the image file captured, if you don’t want to plug in your USB stick but want to reference the files/structure in it, you can use any of a number of tools to mount that image for review:

The WIM file can be addressed all number of manners with Windows tools and utilities. Most are fun and geeky. But for a fast, no-fuss solution, PeaZip can be used to open/extract WIM files no problem.

If you have a BIN or IMG image file, then you have some other options as well.

OSFMount - from PassMark Software maker of ImageUSB we have been discussing has a free tool that handles all kinds of image files for mounting and some manipulations.

03/11/14 post update -- Correction made to references. PassMark Software is maker of ImageUSB utility. Previously had noted it was OSForensics, which is their URL and also the name of their free/$$ multi-feature computer forensics application. Credit to Steve Si for catching my error and alerting me.

Also, check out Steve Si’s timely post Bulk duplication of USB drive images over at his RMPrepUSB, Easy2Boot and USB Booting… blog. Steve goes into great detail about the differences in storage capacity that can be found, even between the same USB devices from the same maker. He also includes a tutorial on using his RMPrepUSB tool to handle the image capture portion rather than relying on some potential gotchas that lurk with using the ImageUSB tool. Check it out and his comment to this post below.

However the other day I was on the church-house computer wanting to work with a free-from-the-community background image file. And it was in PSD format. And this computer didn’t have any PSD file format compatible software on it.

Problem?

No problem.

I do have the freeware Paint.NET application running on this system for quick image work and editing.

I downloaded and installed the Paint.NET PSD Plugin via CodePlex. The plugin enables loading and saving of Photoshop PSD files. According to the site page, it was originally written by Frank Blumenberg and is now covered by Tao Yue.

Credits

Why this? It is the simple blog of a Last Exile fan and is intended to express the enjoyment we derive from studio Gonzo's production. Although we closely relate with those characters, we aren't them in real life. We just want to keep the memory of these incredible young kids alive. So go buy Gonzo's Last Exile DVD's!